1 /* 2 * inode.c -- user mode filesystem api for usb gadget controllers 3 * 4 * Copyright (C) 2003-2004 David Brownell 5 * Copyright (C) 2003 Agilent Technologies 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 */ 12 13 14 /* #define VERBOSE_DEBUG */ 15 16 #include <linux/init.h> 17 #include <linux/module.h> 18 #include <linux/fs.h> 19 #include <linux/pagemap.h> 20 #include <linux/uts.h> 21 #include <linux/wait.h> 22 #include <linux/compiler.h> 23 #include <asm/uaccess.h> 24 #include <linux/sched.h> 25 #include <linux/slab.h> 26 #include <linux/poll.h> 27 #include <linux/mmu_context.h> 28 #include <linux/aio.h> 29 30 #include <linux/device.h> 31 #include <linux/moduleparam.h> 32 33 #include <linux/usb/gadgetfs.h> 34 #include <linux/usb/gadget.h> 35 36 37 /* 38 * The gadgetfs API maps each endpoint to a file descriptor so that you 39 * can use standard synchronous read/write calls for I/O. There's some 40 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support. Example usermode 41 * drivers show how this works in practice. You can also use AIO to 42 * eliminate I/O gaps between requests, to help when streaming data. 43 * 44 * Key parts that must be USB-specific are protocols defining how the 45 * read/write operations relate to the hardware state machines. There 46 * are two types of files. One type is for the device, implementing ep0. 47 * The other type is for each IN or OUT endpoint. In both cases, the 48 * user mode driver must configure the hardware before using it. 49 * 50 * - First, dev_config() is called when /dev/gadget/$CHIP is configured 51 * (by writing configuration and device descriptors). Afterwards it 52 * may serve as a source of device events, used to handle all control 53 * requests other than basic enumeration. 54 * 55 * - Then, after a SET_CONFIGURATION control request, ep_config() is 56 * called when each /dev/gadget/ep* file is configured (by writing 57 * endpoint descriptors). Afterwards these files are used to write() 58 * IN data or to read() OUT data. To halt the endpoint, a "wrong 59 * direction" request is issued (like reading an IN endpoint). 60 * 61 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe 62 * not possible on all hardware. For example, precise fault handling with 63 * respect to data left in endpoint fifos after aborted operations; or 64 * selective clearing of endpoint halts, to implement SET_INTERFACE. 65 */ 66 67 #define DRIVER_DESC "USB Gadget filesystem" 68 #define DRIVER_VERSION "24 Aug 2004" 69 70 static const char driver_desc [] = DRIVER_DESC; 71 static const char shortname [] = "gadgetfs"; 72 73 MODULE_DESCRIPTION (DRIVER_DESC); 74 MODULE_AUTHOR ("David Brownell"); 75 MODULE_LICENSE ("GPL"); 76 77 78 /*----------------------------------------------------------------------*/ 79 80 #define GADGETFS_MAGIC 0xaee71ee7 81 82 /* /dev/gadget/$CHIP represents ep0 and the whole device */ 83 enum ep0_state { 84 /* DISBLED is the initial state. 85 */ 86 STATE_DEV_DISABLED = 0, 87 88 /* Only one open() of /dev/gadget/$CHIP; only one file tracks 89 * ep0/device i/o modes and binding to the controller. Driver 90 * must always write descriptors to initialize the device, then 91 * the device becomes UNCONNECTED until enumeration. 92 */ 93 STATE_DEV_OPENED, 94 95 /* From then on, ep0 fd is in either of two basic modes: 96 * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it 97 * - SETUP: read/write will transfer control data and succeed; 98 * or if "wrong direction", performs protocol stall 99 */ 100 STATE_DEV_UNCONNECTED, 101 STATE_DEV_CONNECTED, 102 STATE_DEV_SETUP, 103 104 /* UNBOUND means the driver closed ep0, so the device won't be 105 * accessible again (DEV_DISABLED) until all fds are closed. 106 */ 107 STATE_DEV_UNBOUND, 108 }; 109 110 /* enough for the whole queue: most events invalidate others */ 111 #define N_EVENT 5 112 113 struct dev_data { 114 spinlock_t lock; 115 atomic_t count; 116 enum ep0_state state; /* P: lock */ 117 struct usb_gadgetfs_event event [N_EVENT]; 118 unsigned ev_next; 119 struct fasync_struct *fasync; 120 u8 current_config; 121 122 /* drivers reading ep0 MUST handle control requests (SETUP) 123 * reported that way; else the host will time out. 124 */ 125 unsigned usermode_setup : 1, 126 setup_in : 1, 127 setup_can_stall : 1, 128 setup_out_ready : 1, 129 setup_out_error : 1, 130 setup_abort : 1; 131 unsigned setup_wLength; 132 133 /* the rest is basically write-once */ 134 struct usb_config_descriptor *config, *hs_config; 135 struct usb_device_descriptor *dev; 136 struct usb_request *req; 137 struct usb_gadget *gadget; 138 struct list_head epfiles; 139 void *buf; 140 wait_queue_head_t wait; 141 struct super_block *sb; 142 struct dentry *dentry; 143 144 /* except this scratch i/o buffer for ep0 */ 145 u8 rbuf [256]; 146 }; 147 148 static inline void get_dev (struct dev_data *data) 149 { 150 atomic_inc (&data->count); 151 } 152 153 static void put_dev (struct dev_data *data) 154 { 155 if (likely (!atomic_dec_and_test (&data->count))) 156 return; 157 /* needs no more cleanup */ 158 BUG_ON (waitqueue_active (&data->wait)); 159 kfree (data); 160 } 161 162 static struct dev_data *dev_new (void) 163 { 164 struct dev_data *dev; 165 166 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 167 if (!dev) 168 return NULL; 169 dev->state = STATE_DEV_DISABLED; 170 atomic_set (&dev->count, 1); 171 spin_lock_init (&dev->lock); 172 INIT_LIST_HEAD (&dev->epfiles); 173 init_waitqueue_head (&dev->wait); 174 return dev; 175 } 176 177 /*----------------------------------------------------------------------*/ 178 179 /* other /dev/gadget/$ENDPOINT files represent endpoints */ 180 enum ep_state { 181 STATE_EP_DISABLED = 0, 182 STATE_EP_READY, 183 STATE_EP_ENABLED, 184 STATE_EP_UNBOUND, 185 }; 186 187 struct ep_data { 188 struct mutex lock; 189 enum ep_state state; 190 atomic_t count; 191 struct dev_data *dev; 192 /* must hold dev->lock before accessing ep or req */ 193 struct usb_ep *ep; 194 struct usb_request *req; 195 ssize_t status; 196 char name [16]; 197 struct usb_endpoint_descriptor desc, hs_desc; 198 struct list_head epfiles; 199 wait_queue_head_t wait; 200 struct dentry *dentry; 201 }; 202 203 static inline void get_ep (struct ep_data *data) 204 { 205 atomic_inc (&data->count); 206 } 207 208 static void put_ep (struct ep_data *data) 209 { 210 if (likely (!atomic_dec_and_test (&data->count))) 211 return; 212 put_dev (data->dev); 213 /* needs no more cleanup */ 214 BUG_ON (!list_empty (&data->epfiles)); 215 BUG_ON (waitqueue_active (&data->wait)); 216 kfree (data); 217 } 218 219 /*----------------------------------------------------------------------*/ 220 221 /* most "how to use the hardware" policy choices are in userspace: 222 * mapping endpoint roles (which the driver needs) to the capabilities 223 * which the usb controller has. most of those capabilities are exposed 224 * implicitly, starting with the driver name and then endpoint names. 225 */ 226 227 static const char *CHIP; 228 229 /*----------------------------------------------------------------------*/ 230 231 /* NOTE: don't use dev_printk calls before binding to the gadget 232 * at the end of ep0 configuration, or after unbind. 233 */ 234 235 /* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */ 236 #define xprintk(d,level,fmt,args...) \ 237 printk(level "%s: " fmt , shortname , ## args) 238 239 #ifdef DEBUG 240 #define DBG(dev,fmt,args...) \ 241 xprintk(dev , KERN_DEBUG , fmt , ## args) 242 #else 243 #define DBG(dev,fmt,args...) \ 244 do { } while (0) 245 #endif /* DEBUG */ 246 247 #ifdef VERBOSE_DEBUG 248 #define VDEBUG DBG 249 #else 250 #define VDEBUG(dev,fmt,args...) \ 251 do { } while (0) 252 #endif /* DEBUG */ 253 254 #define ERROR(dev,fmt,args...) \ 255 xprintk(dev , KERN_ERR , fmt , ## args) 256 #define INFO(dev,fmt,args...) \ 257 xprintk(dev , KERN_INFO , fmt , ## args) 258 259 260 /*----------------------------------------------------------------------*/ 261 262 /* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso) 263 * 264 * After opening, configure non-control endpoints. Then use normal 265 * stream read() and write() requests; and maybe ioctl() to get more 266 * precise FIFO status when recovering from cancellation. 267 */ 268 269 static void epio_complete (struct usb_ep *ep, struct usb_request *req) 270 { 271 struct ep_data *epdata = ep->driver_data; 272 273 if (!req->context) 274 return; 275 if (req->status) 276 epdata->status = req->status; 277 else 278 epdata->status = req->actual; 279 complete ((struct completion *)req->context); 280 } 281 282 /* tasklock endpoint, returning when it's connected. 283 * still need dev->lock to use epdata->ep. 284 */ 285 static int 286 get_ready_ep (unsigned f_flags, struct ep_data *epdata) 287 { 288 int val; 289 290 if (f_flags & O_NONBLOCK) { 291 if (!mutex_trylock(&epdata->lock)) 292 goto nonblock; 293 if (epdata->state != STATE_EP_ENABLED) { 294 mutex_unlock(&epdata->lock); 295 nonblock: 296 val = -EAGAIN; 297 } else 298 val = 0; 299 return val; 300 } 301 302 val = mutex_lock_interruptible(&epdata->lock); 303 if (val < 0) 304 return val; 305 306 switch (epdata->state) { 307 case STATE_EP_ENABLED: 308 break; 309 // case STATE_EP_DISABLED: /* "can't happen" */ 310 // case STATE_EP_READY: /* "can't happen" */ 311 default: /* error! */ 312 pr_debug ("%s: ep %p not available, state %d\n", 313 shortname, epdata, epdata->state); 314 // FALLTHROUGH 315 case STATE_EP_UNBOUND: /* clean disconnect */ 316 val = -ENODEV; 317 mutex_unlock(&epdata->lock); 318 } 319 return val; 320 } 321 322 static ssize_t 323 ep_io (struct ep_data *epdata, void *buf, unsigned len) 324 { 325 DECLARE_COMPLETION_ONSTACK (done); 326 int value; 327 328 spin_lock_irq (&epdata->dev->lock); 329 if (likely (epdata->ep != NULL)) { 330 struct usb_request *req = epdata->req; 331 332 req->context = &done; 333 req->complete = epio_complete; 334 req->buf = buf; 335 req->length = len; 336 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC); 337 } else 338 value = -ENODEV; 339 spin_unlock_irq (&epdata->dev->lock); 340 341 if (likely (value == 0)) { 342 value = wait_event_interruptible (done.wait, done.done); 343 if (value != 0) { 344 spin_lock_irq (&epdata->dev->lock); 345 if (likely (epdata->ep != NULL)) { 346 DBG (epdata->dev, "%s i/o interrupted\n", 347 epdata->name); 348 usb_ep_dequeue (epdata->ep, epdata->req); 349 spin_unlock_irq (&epdata->dev->lock); 350 351 wait_event (done.wait, done.done); 352 if (epdata->status == -ECONNRESET) 353 epdata->status = -EINTR; 354 } else { 355 spin_unlock_irq (&epdata->dev->lock); 356 357 DBG (epdata->dev, "endpoint gone\n"); 358 epdata->status = -ENODEV; 359 } 360 } 361 return epdata->status; 362 } 363 return value; 364 } 365 366 367 /* handle a synchronous OUT bulk/intr/iso transfer */ 368 static ssize_t 369 ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr) 370 { 371 struct ep_data *data = fd->private_data; 372 void *kbuf; 373 ssize_t value; 374 375 if ((value = get_ready_ep (fd->f_flags, data)) < 0) 376 return value; 377 378 /* halt any endpoint by doing a "wrong direction" i/o call */ 379 if (usb_endpoint_dir_in(&data->desc)) { 380 if (usb_endpoint_xfer_isoc(&data->desc)) { 381 mutex_unlock(&data->lock); 382 return -EINVAL; 383 } 384 DBG (data->dev, "%s halt\n", data->name); 385 spin_lock_irq (&data->dev->lock); 386 if (likely (data->ep != NULL)) 387 usb_ep_set_halt (data->ep); 388 spin_unlock_irq (&data->dev->lock); 389 mutex_unlock(&data->lock); 390 return -EBADMSG; 391 } 392 393 /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */ 394 395 value = -ENOMEM; 396 kbuf = kmalloc (len, GFP_KERNEL); 397 if (unlikely (!kbuf)) 398 goto free1; 399 400 value = ep_io (data, kbuf, len); 401 VDEBUG (data->dev, "%s read %zu OUT, status %d\n", 402 data->name, len, (int) value); 403 if (value >= 0 && copy_to_user (buf, kbuf, value)) 404 value = -EFAULT; 405 406 free1: 407 mutex_unlock(&data->lock); 408 kfree (kbuf); 409 return value; 410 } 411 412 /* handle a synchronous IN bulk/intr/iso transfer */ 413 static ssize_t 414 ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 415 { 416 struct ep_data *data = fd->private_data; 417 void *kbuf; 418 ssize_t value; 419 420 if ((value = get_ready_ep (fd->f_flags, data)) < 0) 421 return value; 422 423 /* halt any endpoint by doing a "wrong direction" i/o call */ 424 if (!usb_endpoint_dir_in(&data->desc)) { 425 if (usb_endpoint_xfer_isoc(&data->desc)) { 426 mutex_unlock(&data->lock); 427 return -EINVAL; 428 } 429 DBG (data->dev, "%s halt\n", data->name); 430 spin_lock_irq (&data->dev->lock); 431 if (likely (data->ep != NULL)) 432 usb_ep_set_halt (data->ep); 433 spin_unlock_irq (&data->dev->lock); 434 mutex_unlock(&data->lock); 435 return -EBADMSG; 436 } 437 438 /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */ 439 440 value = -ENOMEM; 441 kbuf = memdup_user(buf, len); 442 if (IS_ERR(kbuf)) { 443 value = PTR_ERR(kbuf); 444 kbuf = NULL; 445 goto free1; 446 } 447 448 value = ep_io (data, kbuf, len); 449 VDEBUG (data->dev, "%s write %zu IN, status %d\n", 450 data->name, len, (int) value); 451 free1: 452 mutex_unlock(&data->lock); 453 kfree (kbuf); 454 return value; 455 } 456 457 static int 458 ep_release (struct inode *inode, struct file *fd) 459 { 460 struct ep_data *data = fd->private_data; 461 int value; 462 463 value = mutex_lock_interruptible(&data->lock); 464 if (value < 0) 465 return value; 466 467 /* clean up if this can be reopened */ 468 if (data->state != STATE_EP_UNBOUND) { 469 data->state = STATE_EP_DISABLED; 470 data->desc.bDescriptorType = 0; 471 data->hs_desc.bDescriptorType = 0; 472 usb_ep_disable(data->ep); 473 } 474 mutex_unlock(&data->lock); 475 put_ep (data); 476 return 0; 477 } 478 479 static long ep_ioctl(struct file *fd, unsigned code, unsigned long value) 480 { 481 struct ep_data *data = fd->private_data; 482 int status; 483 484 if ((status = get_ready_ep (fd->f_flags, data)) < 0) 485 return status; 486 487 spin_lock_irq (&data->dev->lock); 488 if (likely (data->ep != NULL)) { 489 switch (code) { 490 case GADGETFS_FIFO_STATUS: 491 status = usb_ep_fifo_status (data->ep); 492 break; 493 case GADGETFS_FIFO_FLUSH: 494 usb_ep_fifo_flush (data->ep); 495 break; 496 case GADGETFS_CLEAR_HALT: 497 status = usb_ep_clear_halt (data->ep); 498 break; 499 default: 500 status = -ENOTTY; 501 } 502 } else 503 status = -ENODEV; 504 spin_unlock_irq (&data->dev->lock); 505 mutex_unlock(&data->lock); 506 return status; 507 } 508 509 /*----------------------------------------------------------------------*/ 510 511 /* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */ 512 513 struct kiocb_priv { 514 struct usb_request *req; 515 struct ep_data *epdata; 516 struct kiocb *iocb; 517 struct mm_struct *mm; 518 struct work_struct work; 519 void *buf; 520 const struct iovec *iv; 521 unsigned long nr_segs; 522 unsigned actual; 523 }; 524 525 static int ep_aio_cancel(struct kiocb *iocb) 526 { 527 struct kiocb_priv *priv = iocb->private; 528 struct ep_data *epdata; 529 int value; 530 531 local_irq_disable(); 532 epdata = priv->epdata; 533 // spin_lock(&epdata->dev->lock); 534 if (likely(epdata && epdata->ep && priv->req)) 535 value = usb_ep_dequeue (epdata->ep, priv->req); 536 else 537 value = -EINVAL; 538 // spin_unlock(&epdata->dev->lock); 539 local_irq_enable(); 540 541 return value; 542 } 543 544 static ssize_t ep_copy_to_user(struct kiocb_priv *priv) 545 { 546 ssize_t len, total; 547 void *to_copy; 548 int i; 549 550 /* copy stuff into user buffers */ 551 total = priv->actual; 552 len = 0; 553 to_copy = priv->buf; 554 for (i=0; i < priv->nr_segs; i++) { 555 ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total); 556 557 if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) { 558 if (len == 0) 559 len = -EFAULT; 560 break; 561 } 562 563 total -= this; 564 len += this; 565 to_copy += this; 566 if (total == 0) 567 break; 568 } 569 570 return len; 571 } 572 573 static void ep_user_copy_worker(struct work_struct *work) 574 { 575 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work); 576 struct mm_struct *mm = priv->mm; 577 struct kiocb *iocb = priv->iocb; 578 size_t ret; 579 580 use_mm(mm); 581 ret = ep_copy_to_user(priv); 582 unuse_mm(mm); 583 584 /* completing the iocb can drop the ctx and mm, don't touch mm after */ 585 aio_complete(iocb, ret, ret); 586 587 kfree(priv->buf); 588 kfree(priv); 589 } 590 591 static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req) 592 { 593 struct kiocb *iocb = req->context; 594 struct kiocb_priv *priv = iocb->private; 595 struct ep_data *epdata = priv->epdata; 596 597 /* lock against disconnect (and ideally, cancel) */ 598 spin_lock(&epdata->dev->lock); 599 priv->req = NULL; 600 priv->epdata = NULL; 601 602 /* if this was a write or a read returning no data then we 603 * don't need to copy anything to userspace, so we can 604 * complete the aio request immediately. 605 */ 606 if (priv->iv == NULL || unlikely(req->actual == 0)) { 607 kfree(req->buf); 608 kfree(priv); 609 iocb->private = NULL; 610 /* aio_complete() reports bytes-transferred _and_ faults */ 611 aio_complete(iocb, req->actual ? req->actual : req->status, 612 req->status); 613 } else { 614 /* ep_copy_to_user() won't report both; we hide some faults */ 615 if (unlikely(0 != req->status)) 616 DBG(epdata->dev, "%s fault %d len %d\n", 617 ep->name, req->status, req->actual); 618 619 priv->buf = req->buf; 620 priv->actual = req->actual; 621 schedule_work(&priv->work); 622 } 623 spin_unlock(&epdata->dev->lock); 624 625 usb_ep_free_request(ep, req); 626 put_ep(epdata); 627 } 628 629 static ssize_t 630 ep_aio_rwtail( 631 struct kiocb *iocb, 632 char *buf, 633 size_t len, 634 struct ep_data *epdata, 635 const struct iovec *iv, 636 unsigned long nr_segs 637 ) 638 { 639 struct kiocb_priv *priv; 640 struct usb_request *req; 641 ssize_t value; 642 643 priv = kmalloc(sizeof *priv, GFP_KERNEL); 644 if (!priv) { 645 value = -ENOMEM; 646 fail: 647 kfree(buf); 648 return value; 649 } 650 iocb->private = priv; 651 priv->iocb = iocb; 652 priv->iv = iv; 653 priv->nr_segs = nr_segs; 654 INIT_WORK(&priv->work, ep_user_copy_worker); 655 656 value = get_ready_ep(iocb->ki_filp->f_flags, epdata); 657 if (unlikely(value < 0)) { 658 kfree(priv); 659 goto fail; 660 } 661 662 kiocb_set_cancel_fn(iocb, ep_aio_cancel); 663 get_ep(epdata); 664 priv->epdata = epdata; 665 priv->actual = 0; 666 priv->mm = current->mm; /* mm teardown waits for iocbs in exit_aio() */ 667 668 /* each kiocb is coupled to one usb_request, but we can't 669 * allocate or submit those if the host disconnected. 670 */ 671 spin_lock_irq(&epdata->dev->lock); 672 if (likely(epdata->ep)) { 673 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 674 if (likely(req)) { 675 priv->req = req; 676 req->buf = buf; 677 req->length = len; 678 req->complete = ep_aio_complete; 679 req->context = iocb; 680 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC); 681 if (unlikely(0 != value)) 682 usb_ep_free_request(epdata->ep, req); 683 } else 684 value = -EAGAIN; 685 } else 686 value = -ENODEV; 687 spin_unlock_irq(&epdata->dev->lock); 688 689 mutex_unlock(&epdata->lock); 690 691 if (unlikely(value)) { 692 kfree(priv); 693 put_ep(epdata); 694 } else 695 value = -EIOCBQUEUED; 696 return value; 697 } 698 699 static ssize_t 700 ep_aio_read(struct kiocb *iocb, const struct iovec *iov, 701 unsigned long nr_segs, loff_t o) 702 { 703 struct ep_data *epdata = iocb->ki_filp->private_data; 704 char *buf; 705 706 if (unlikely(usb_endpoint_dir_in(&epdata->desc))) 707 return -EINVAL; 708 709 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 710 if (unlikely(!buf)) 711 return -ENOMEM; 712 713 return ep_aio_rwtail(iocb, buf, iocb->ki_nbytes, epdata, iov, nr_segs); 714 } 715 716 static ssize_t 717 ep_aio_write(struct kiocb *iocb, const struct iovec *iov, 718 unsigned long nr_segs, loff_t o) 719 { 720 struct ep_data *epdata = iocb->ki_filp->private_data; 721 char *buf; 722 size_t len = 0; 723 int i = 0; 724 725 if (unlikely(!usb_endpoint_dir_in(&epdata->desc))) 726 return -EINVAL; 727 728 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 729 if (unlikely(!buf)) 730 return -ENOMEM; 731 732 for (i=0; i < nr_segs; i++) { 733 if (unlikely(copy_from_user(&buf[len], iov[i].iov_base, 734 iov[i].iov_len) != 0)) { 735 kfree(buf); 736 return -EFAULT; 737 } 738 len += iov[i].iov_len; 739 } 740 return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0); 741 } 742 743 /*----------------------------------------------------------------------*/ 744 745 /* used after endpoint configuration */ 746 static const struct file_operations ep_io_operations = { 747 .owner = THIS_MODULE, 748 .llseek = no_llseek, 749 750 .read = ep_read, 751 .write = ep_write, 752 .unlocked_ioctl = ep_ioctl, 753 .release = ep_release, 754 755 .aio_read = ep_aio_read, 756 .aio_write = ep_aio_write, 757 }; 758 759 /* ENDPOINT INITIALIZATION 760 * 761 * fd = open ("/dev/gadget/$ENDPOINT", O_RDWR) 762 * status = write (fd, descriptors, sizeof descriptors) 763 * 764 * That write establishes the endpoint configuration, configuring 765 * the controller to process bulk, interrupt, or isochronous transfers 766 * at the right maxpacket size, and so on. 767 * 768 * The descriptors are message type 1, identified by a host order u32 769 * at the beginning of what's written. Descriptor order is: full/low 770 * speed descriptor, then optional high speed descriptor. 771 */ 772 static ssize_t 773 ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 774 { 775 struct ep_data *data = fd->private_data; 776 struct usb_ep *ep; 777 u32 tag; 778 int value, length = len; 779 780 value = mutex_lock_interruptible(&data->lock); 781 if (value < 0) 782 return value; 783 784 if (data->state != STATE_EP_READY) { 785 value = -EL2HLT; 786 goto fail; 787 } 788 789 value = len; 790 if (len < USB_DT_ENDPOINT_SIZE + 4) 791 goto fail0; 792 793 /* we might need to change message format someday */ 794 if (copy_from_user (&tag, buf, 4)) { 795 goto fail1; 796 } 797 if (tag != 1) { 798 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag); 799 goto fail0; 800 } 801 buf += 4; 802 len -= 4; 803 804 /* NOTE: audio endpoint extensions not accepted here; 805 * just don't include the extra bytes. 806 */ 807 808 /* full/low speed descriptor, then high speed */ 809 if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) { 810 goto fail1; 811 } 812 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE 813 || data->desc.bDescriptorType != USB_DT_ENDPOINT) 814 goto fail0; 815 if (len != USB_DT_ENDPOINT_SIZE) { 816 if (len != 2 * USB_DT_ENDPOINT_SIZE) 817 goto fail0; 818 if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 819 USB_DT_ENDPOINT_SIZE)) { 820 goto fail1; 821 } 822 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE 823 || data->hs_desc.bDescriptorType 824 != USB_DT_ENDPOINT) { 825 DBG(data->dev, "config %s, bad hs length or type\n", 826 data->name); 827 goto fail0; 828 } 829 } 830 831 spin_lock_irq (&data->dev->lock); 832 if (data->dev->state == STATE_DEV_UNBOUND) { 833 value = -ENOENT; 834 goto gone; 835 } else if ((ep = data->ep) == NULL) { 836 value = -ENODEV; 837 goto gone; 838 } 839 switch (data->dev->gadget->speed) { 840 case USB_SPEED_LOW: 841 case USB_SPEED_FULL: 842 ep->desc = &data->desc; 843 value = usb_ep_enable(ep); 844 if (value == 0) 845 data->state = STATE_EP_ENABLED; 846 break; 847 case USB_SPEED_HIGH: 848 /* fails if caller didn't provide that descriptor... */ 849 ep->desc = &data->hs_desc; 850 value = usb_ep_enable(ep); 851 if (value == 0) 852 data->state = STATE_EP_ENABLED; 853 break; 854 default: 855 DBG(data->dev, "unconnected, %s init abandoned\n", 856 data->name); 857 value = -EINVAL; 858 } 859 if (value == 0) { 860 fd->f_op = &ep_io_operations; 861 value = length; 862 } 863 gone: 864 spin_unlock_irq (&data->dev->lock); 865 if (value < 0) { 866 fail: 867 data->desc.bDescriptorType = 0; 868 data->hs_desc.bDescriptorType = 0; 869 } 870 mutex_unlock(&data->lock); 871 return value; 872 fail0: 873 value = -EINVAL; 874 goto fail; 875 fail1: 876 value = -EFAULT; 877 goto fail; 878 } 879 880 static int 881 ep_open (struct inode *inode, struct file *fd) 882 { 883 struct ep_data *data = inode->i_private; 884 int value = -EBUSY; 885 886 if (mutex_lock_interruptible(&data->lock) != 0) 887 return -EINTR; 888 spin_lock_irq (&data->dev->lock); 889 if (data->dev->state == STATE_DEV_UNBOUND) 890 value = -ENOENT; 891 else if (data->state == STATE_EP_DISABLED) { 892 value = 0; 893 data->state = STATE_EP_READY; 894 get_ep (data); 895 fd->private_data = data; 896 VDEBUG (data->dev, "%s ready\n", data->name); 897 } else 898 DBG (data->dev, "%s state %d\n", 899 data->name, data->state); 900 spin_unlock_irq (&data->dev->lock); 901 mutex_unlock(&data->lock); 902 return value; 903 } 904 905 /* used before endpoint configuration */ 906 static const struct file_operations ep_config_operations = { 907 .llseek = no_llseek, 908 909 .open = ep_open, 910 .write = ep_config, 911 .release = ep_release, 912 }; 913 914 /*----------------------------------------------------------------------*/ 915 916 /* EP0 IMPLEMENTATION can be partly in userspace. 917 * 918 * Drivers that use this facility receive various events, including 919 * control requests the kernel doesn't handle. Drivers that don't 920 * use this facility may be too simple-minded for real applications. 921 */ 922 923 static inline void ep0_readable (struct dev_data *dev) 924 { 925 wake_up (&dev->wait); 926 kill_fasync (&dev->fasync, SIGIO, POLL_IN); 927 } 928 929 static void clean_req (struct usb_ep *ep, struct usb_request *req) 930 { 931 struct dev_data *dev = ep->driver_data; 932 933 if (req->buf != dev->rbuf) { 934 kfree(req->buf); 935 req->buf = dev->rbuf; 936 } 937 req->complete = epio_complete; 938 dev->setup_out_ready = 0; 939 } 940 941 static void ep0_complete (struct usb_ep *ep, struct usb_request *req) 942 { 943 struct dev_data *dev = ep->driver_data; 944 unsigned long flags; 945 int free = 1; 946 947 /* for control OUT, data must still get to userspace */ 948 spin_lock_irqsave(&dev->lock, flags); 949 if (!dev->setup_in) { 950 dev->setup_out_error = (req->status != 0); 951 if (!dev->setup_out_error) 952 free = 0; 953 dev->setup_out_ready = 1; 954 ep0_readable (dev); 955 } 956 957 /* clean up as appropriate */ 958 if (free && req->buf != &dev->rbuf) 959 clean_req (ep, req); 960 req->complete = epio_complete; 961 spin_unlock_irqrestore(&dev->lock, flags); 962 } 963 964 static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len) 965 { 966 struct dev_data *dev = ep->driver_data; 967 968 if (dev->setup_out_ready) { 969 DBG (dev, "ep0 request busy!\n"); 970 return -EBUSY; 971 } 972 if (len > sizeof (dev->rbuf)) 973 req->buf = kmalloc(len, GFP_ATOMIC); 974 if (req->buf == NULL) { 975 req->buf = dev->rbuf; 976 return -ENOMEM; 977 } 978 req->complete = ep0_complete; 979 req->length = len; 980 req->zero = 0; 981 return 0; 982 } 983 984 static ssize_t 985 ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr) 986 { 987 struct dev_data *dev = fd->private_data; 988 ssize_t retval; 989 enum ep0_state state; 990 991 spin_lock_irq (&dev->lock); 992 993 /* report fd mode change before acting on it */ 994 if (dev->setup_abort) { 995 dev->setup_abort = 0; 996 retval = -EIDRM; 997 goto done; 998 } 999 1000 /* control DATA stage */ 1001 if ((state = dev->state) == STATE_DEV_SETUP) { 1002 1003 if (dev->setup_in) { /* stall IN */ 1004 VDEBUG(dev, "ep0in stall\n"); 1005 (void) usb_ep_set_halt (dev->gadget->ep0); 1006 retval = -EL2HLT; 1007 dev->state = STATE_DEV_CONNECTED; 1008 1009 } else if (len == 0) { /* ack SET_CONFIGURATION etc */ 1010 struct usb_ep *ep = dev->gadget->ep0; 1011 struct usb_request *req = dev->req; 1012 1013 if ((retval = setup_req (ep, req, 0)) == 0) 1014 retval = usb_ep_queue (ep, req, GFP_ATOMIC); 1015 dev->state = STATE_DEV_CONNECTED; 1016 1017 /* assume that was SET_CONFIGURATION */ 1018 if (dev->current_config) { 1019 unsigned power; 1020 1021 if (gadget_is_dualspeed(dev->gadget) 1022 && (dev->gadget->speed 1023 == USB_SPEED_HIGH)) 1024 power = dev->hs_config->bMaxPower; 1025 else 1026 power = dev->config->bMaxPower; 1027 usb_gadget_vbus_draw(dev->gadget, 2 * power); 1028 } 1029 1030 } else { /* collect OUT data */ 1031 if ((fd->f_flags & O_NONBLOCK) != 0 1032 && !dev->setup_out_ready) { 1033 retval = -EAGAIN; 1034 goto done; 1035 } 1036 spin_unlock_irq (&dev->lock); 1037 retval = wait_event_interruptible (dev->wait, 1038 dev->setup_out_ready != 0); 1039 1040 /* FIXME state could change from under us */ 1041 spin_lock_irq (&dev->lock); 1042 if (retval) 1043 goto done; 1044 1045 if (dev->state != STATE_DEV_SETUP) { 1046 retval = -ECANCELED; 1047 goto done; 1048 } 1049 dev->state = STATE_DEV_CONNECTED; 1050 1051 if (dev->setup_out_error) 1052 retval = -EIO; 1053 else { 1054 len = min (len, (size_t)dev->req->actual); 1055 // FIXME don't call this with the spinlock held ... 1056 if (copy_to_user (buf, dev->req->buf, len)) 1057 retval = -EFAULT; 1058 else 1059 retval = len; 1060 clean_req (dev->gadget->ep0, dev->req); 1061 /* NOTE userspace can't yet choose to stall */ 1062 } 1063 } 1064 goto done; 1065 } 1066 1067 /* else normal: return event data */ 1068 if (len < sizeof dev->event [0]) { 1069 retval = -EINVAL; 1070 goto done; 1071 } 1072 len -= len % sizeof (struct usb_gadgetfs_event); 1073 dev->usermode_setup = 1; 1074 1075 scan: 1076 /* return queued events right away */ 1077 if (dev->ev_next != 0) { 1078 unsigned i, n; 1079 1080 n = len / sizeof (struct usb_gadgetfs_event); 1081 if (dev->ev_next < n) 1082 n = dev->ev_next; 1083 1084 /* ep0 i/o has special semantics during STATE_DEV_SETUP */ 1085 for (i = 0; i < n; i++) { 1086 if (dev->event [i].type == GADGETFS_SETUP) { 1087 dev->state = STATE_DEV_SETUP; 1088 n = i + 1; 1089 break; 1090 } 1091 } 1092 spin_unlock_irq (&dev->lock); 1093 len = n * sizeof (struct usb_gadgetfs_event); 1094 if (copy_to_user (buf, &dev->event, len)) 1095 retval = -EFAULT; 1096 else 1097 retval = len; 1098 if (len > 0) { 1099 /* NOTE this doesn't guard against broken drivers; 1100 * concurrent ep0 readers may lose events. 1101 */ 1102 spin_lock_irq (&dev->lock); 1103 if (dev->ev_next > n) { 1104 memmove(&dev->event[0], &dev->event[n], 1105 sizeof (struct usb_gadgetfs_event) 1106 * (dev->ev_next - n)); 1107 } 1108 dev->ev_next -= n; 1109 spin_unlock_irq (&dev->lock); 1110 } 1111 return retval; 1112 } 1113 if (fd->f_flags & O_NONBLOCK) { 1114 retval = -EAGAIN; 1115 goto done; 1116 } 1117 1118 switch (state) { 1119 default: 1120 DBG (dev, "fail %s, state %d\n", __func__, state); 1121 retval = -ESRCH; 1122 break; 1123 case STATE_DEV_UNCONNECTED: 1124 case STATE_DEV_CONNECTED: 1125 spin_unlock_irq (&dev->lock); 1126 DBG (dev, "%s wait\n", __func__); 1127 1128 /* wait for events */ 1129 retval = wait_event_interruptible (dev->wait, 1130 dev->ev_next != 0); 1131 if (retval < 0) 1132 return retval; 1133 spin_lock_irq (&dev->lock); 1134 goto scan; 1135 } 1136 1137 done: 1138 spin_unlock_irq (&dev->lock); 1139 return retval; 1140 } 1141 1142 static struct usb_gadgetfs_event * 1143 next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type) 1144 { 1145 struct usb_gadgetfs_event *event; 1146 unsigned i; 1147 1148 switch (type) { 1149 /* these events purge the queue */ 1150 case GADGETFS_DISCONNECT: 1151 if (dev->state == STATE_DEV_SETUP) 1152 dev->setup_abort = 1; 1153 // FALL THROUGH 1154 case GADGETFS_CONNECT: 1155 dev->ev_next = 0; 1156 break; 1157 case GADGETFS_SETUP: /* previous request timed out */ 1158 case GADGETFS_SUSPEND: /* same effect */ 1159 /* these events can't be repeated */ 1160 for (i = 0; i != dev->ev_next; i++) { 1161 if (dev->event [i].type != type) 1162 continue; 1163 DBG(dev, "discard old event[%d] %d\n", i, type); 1164 dev->ev_next--; 1165 if (i == dev->ev_next) 1166 break; 1167 /* indices start at zero, for simplicity */ 1168 memmove (&dev->event [i], &dev->event [i + 1], 1169 sizeof (struct usb_gadgetfs_event) 1170 * (dev->ev_next - i)); 1171 } 1172 break; 1173 default: 1174 BUG (); 1175 } 1176 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type); 1177 event = &dev->event [dev->ev_next++]; 1178 BUG_ON (dev->ev_next > N_EVENT); 1179 memset (event, 0, sizeof *event); 1180 event->type = type; 1181 return event; 1182 } 1183 1184 static ssize_t 1185 ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 1186 { 1187 struct dev_data *dev = fd->private_data; 1188 ssize_t retval = -ESRCH; 1189 1190 spin_lock_irq (&dev->lock); 1191 1192 /* report fd mode change before acting on it */ 1193 if (dev->setup_abort) { 1194 dev->setup_abort = 0; 1195 retval = -EIDRM; 1196 1197 /* data and/or status stage for control request */ 1198 } else if (dev->state == STATE_DEV_SETUP) { 1199 1200 /* IN DATA+STATUS caller makes len <= wLength */ 1201 if (dev->setup_in) { 1202 retval = setup_req (dev->gadget->ep0, dev->req, len); 1203 if (retval == 0) { 1204 dev->state = STATE_DEV_CONNECTED; 1205 spin_unlock_irq (&dev->lock); 1206 if (copy_from_user (dev->req->buf, buf, len)) 1207 retval = -EFAULT; 1208 else { 1209 if (len < dev->setup_wLength) 1210 dev->req->zero = 1; 1211 retval = usb_ep_queue ( 1212 dev->gadget->ep0, dev->req, 1213 GFP_KERNEL); 1214 } 1215 if (retval < 0) { 1216 spin_lock_irq (&dev->lock); 1217 clean_req (dev->gadget->ep0, dev->req); 1218 spin_unlock_irq (&dev->lock); 1219 } else 1220 retval = len; 1221 1222 return retval; 1223 } 1224 1225 /* can stall some OUT transfers */ 1226 } else if (dev->setup_can_stall) { 1227 VDEBUG(dev, "ep0out stall\n"); 1228 (void) usb_ep_set_halt (dev->gadget->ep0); 1229 retval = -EL2HLT; 1230 dev->state = STATE_DEV_CONNECTED; 1231 } else { 1232 DBG(dev, "bogus ep0out stall!\n"); 1233 } 1234 } else 1235 DBG (dev, "fail %s, state %d\n", __func__, dev->state); 1236 1237 spin_unlock_irq (&dev->lock); 1238 return retval; 1239 } 1240 1241 static int 1242 ep0_fasync (int f, struct file *fd, int on) 1243 { 1244 struct dev_data *dev = fd->private_data; 1245 // caller must F_SETOWN before signal delivery happens 1246 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off"); 1247 return fasync_helper (f, fd, on, &dev->fasync); 1248 } 1249 1250 static struct usb_gadget_driver gadgetfs_driver; 1251 1252 static int 1253 dev_release (struct inode *inode, struct file *fd) 1254 { 1255 struct dev_data *dev = fd->private_data; 1256 1257 /* closing ep0 === shutdown all */ 1258 1259 usb_gadget_unregister_driver (&gadgetfs_driver); 1260 1261 /* at this point "good" hardware has disconnected the 1262 * device from USB; the host won't see it any more. 1263 * alternatively, all host requests will time out. 1264 */ 1265 1266 kfree (dev->buf); 1267 dev->buf = NULL; 1268 1269 /* other endpoints were all decoupled from this device */ 1270 spin_lock_irq(&dev->lock); 1271 dev->state = STATE_DEV_DISABLED; 1272 spin_unlock_irq(&dev->lock); 1273 1274 put_dev (dev); 1275 return 0; 1276 } 1277 1278 static unsigned int 1279 ep0_poll (struct file *fd, poll_table *wait) 1280 { 1281 struct dev_data *dev = fd->private_data; 1282 int mask = 0; 1283 1284 poll_wait(fd, &dev->wait, wait); 1285 1286 spin_lock_irq (&dev->lock); 1287 1288 /* report fd mode change before acting on it */ 1289 if (dev->setup_abort) { 1290 dev->setup_abort = 0; 1291 mask = POLLHUP; 1292 goto out; 1293 } 1294 1295 if (dev->state == STATE_DEV_SETUP) { 1296 if (dev->setup_in || dev->setup_can_stall) 1297 mask = POLLOUT; 1298 } else { 1299 if (dev->ev_next != 0) 1300 mask = POLLIN; 1301 } 1302 out: 1303 spin_unlock_irq(&dev->lock); 1304 return mask; 1305 } 1306 1307 static long dev_ioctl (struct file *fd, unsigned code, unsigned long value) 1308 { 1309 struct dev_data *dev = fd->private_data; 1310 struct usb_gadget *gadget = dev->gadget; 1311 long ret = -ENOTTY; 1312 1313 if (gadget->ops->ioctl) 1314 ret = gadget->ops->ioctl (gadget, code, value); 1315 1316 return ret; 1317 } 1318 1319 /* used after device configuration */ 1320 static const struct file_operations ep0_io_operations = { 1321 .owner = THIS_MODULE, 1322 .llseek = no_llseek, 1323 1324 .read = ep0_read, 1325 .write = ep0_write, 1326 .fasync = ep0_fasync, 1327 .poll = ep0_poll, 1328 .unlocked_ioctl = dev_ioctl, 1329 .release = dev_release, 1330 }; 1331 1332 /*----------------------------------------------------------------------*/ 1333 1334 /* The in-kernel gadget driver handles most ep0 issues, in particular 1335 * enumerating the single configuration (as provided from user space). 1336 * 1337 * Unrecognized ep0 requests may be handled in user space. 1338 */ 1339 1340 static void make_qualifier (struct dev_data *dev) 1341 { 1342 struct usb_qualifier_descriptor qual; 1343 struct usb_device_descriptor *desc; 1344 1345 qual.bLength = sizeof qual; 1346 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER; 1347 qual.bcdUSB = cpu_to_le16 (0x0200); 1348 1349 desc = dev->dev; 1350 qual.bDeviceClass = desc->bDeviceClass; 1351 qual.bDeviceSubClass = desc->bDeviceSubClass; 1352 qual.bDeviceProtocol = desc->bDeviceProtocol; 1353 1354 /* assumes ep0 uses the same value for both speeds ... */ 1355 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket; 1356 1357 qual.bNumConfigurations = 1; 1358 qual.bRESERVED = 0; 1359 1360 memcpy (dev->rbuf, &qual, sizeof qual); 1361 } 1362 1363 static int 1364 config_buf (struct dev_data *dev, u8 type, unsigned index) 1365 { 1366 int len; 1367 int hs = 0; 1368 1369 /* only one configuration */ 1370 if (index > 0) 1371 return -EINVAL; 1372 1373 if (gadget_is_dualspeed(dev->gadget)) { 1374 hs = (dev->gadget->speed == USB_SPEED_HIGH); 1375 if (type == USB_DT_OTHER_SPEED_CONFIG) 1376 hs = !hs; 1377 } 1378 if (hs) { 1379 dev->req->buf = dev->hs_config; 1380 len = le16_to_cpu(dev->hs_config->wTotalLength); 1381 } else { 1382 dev->req->buf = dev->config; 1383 len = le16_to_cpu(dev->config->wTotalLength); 1384 } 1385 ((u8 *)dev->req->buf) [1] = type; 1386 return len; 1387 } 1388 1389 static int 1390 gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) 1391 { 1392 struct dev_data *dev = get_gadget_data (gadget); 1393 struct usb_request *req = dev->req; 1394 int value = -EOPNOTSUPP; 1395 struct usb_gadgetfs_event *event; 1396 u16 w_value = le16_to_cpu(ctrl->wValue); 1397 u16 w_length = le16_to_cpu(ctrl->wLength); 1398 1399 spin_lock (&dev->lock); 1400 dev->setup_abort = 0; 1401 if (dev->state == STATE_DEV_UNCONNECTED) { 1402 if (gadget_is_dualspeed(gadget) 1403 && gadget->speed == USB_SPEED_HIGH 1404 && dev->hs_config == NULL) { 1405 spin_unlock(&dev->lock); 1406 ERROR (dev, "no high speed config??\n"); 1407 return -EINVAL; 1408 } 1409 1410 dev->state = STATE_DEV_CONNECTED; 1411 1412 INFO (dev, "connected\n"); 1413 event = next_event (dev, GADGETFS_CONNECT); 1414 event->u.speed = gadget->speed; 1415 ep0_readable (dev); 1416 1417 /* host may have given up waiting for response. we can miss control 1418 * requests handled lower down (device/endpoint status and features); 1419 * then ep0_{read,write} will report the wrong status. controller 1420 * driver will have aborted pending i/o. 1421 */ 1422 } else if (dev->state == STATE_DEV_SETUP) 1423 dev->setup_abort = 1; 1424 1425 req->buf = dev->rbuf; 1426 req->context = NULL; 1427 value = -EOPNOTSUPP; 1428 switch (ctrl->bRequest) { 1429 1430 case USB_REQ_GET_DESCRIPTOR: 1431 if (ctrl->bRequestType != USB_DIR_IN) 1432 goto unrecognized; 1433 switch (w_value >> 8) { 1434 1435 case USB_DT_DEVICE: 1436 value = min (w_length, (u16) sizeof *dev->dev); 1437 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket; 1438 req->buf = dev->dev; 1439 break; 1440 case USB_DT_DEVICE_QUALIFIER: 1441 if (!dev->hs_config) 1442 break; 1443 value = min (w_length, (u16) 1444 sizeof (struct usb_qualifier_descriptor)); 1445 make_qualifier (dev); 1446 break; 1447 case USB_DT_OTHER_SPEED_CONFIG: 1448 // FALLTHROUGH 1449 case USB_DT_CONFIG: 1450 value = config_buf (dev, 1451 w_value >> 8, 1452 w_value & 0xff); 1453 if (value >= 0) 1454 value = min (w_length, (u16) value); 1455 break; 1456 case USB_DT_STRING: 1457 goto unrecognized; 1458 1459 default: // all others are errors 1460 break; 1461 } 1462 break; 1463 1464 /* currently one config, two speeds */ 1465 case USB_REQ_SET_CONFIGURATION: 1466 if (ctrl->bRequestType != 0) 1467 goto unrecognized; 1468 if (0 == (u8) w_value) { 1469 value = 0; 1470 dev->current_config = 0; 1471 usb_gadget_vbus_draw(gadget, 8 /* mA */ ); 1472 // user mode expected to disable endpoints 1473 } else { 1474 u8 config, power; 1475 1476 if (gadget_is_dualspeed(gadget) 1477 && gadget->speed == USB_SPEED_HIGH) { 1478 config = dev->hs_config->bConfigurationValue; 1479 power = dev->hs_config->bMaxPower; 1480 } else { 1481 config = dev->config->bConfigurationValue; 1482 power = dev->config->bMaxPower; 1483 } 1484 1485 if (config == (u8) w_value) { 1486 value = 0; 1487 dev->current_config = config; 1488 usb_gadget_vbus_draw(gadget, 2 * power); 1489 } 1490 } 1491 1492 /* report SET_CONFIGURATION like any other control request, 1493 * except that usermode may not stall this. the next 1494 * request mustn't be allowed start until this finishes: 1495 * endpoints and threads set up, etc. 1496 * 1497 * NOTE: older PXA hardware (before PXA 255: without UDCCFR) 1498 * has bad/racey automagic that prevents synchronizing here. 1499 * even kernel mode drivers often miss them. 1500 */ 1501 if (value == 0) { 1502 INFO (dev, "configuration #%d\n", dev->current_config); 1503 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED); 1504 if (dev->usermode_setup) { 1505 dev->setup_can_stall = 0; 1506 goto delegate; 1507 } 1508 } 1509 break; 1510 1511 #ifndef CONFIG_USB_PXA25X 1512 /* PXA automagically handles this request too */ 1513 case USB_REQ_GET_CONFIGURATION: 1514 if (ctrl->bRequestType != 0x80) 1515 goto unrecognized; 1516 *(u8 *)req->buf = dev->current_config; 1517 value = min (w_length, (u16) 1); 1518 break; 1519 #endif 1520 1521 default: 1522 unrecognized: 1523 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n", 1524 dev->usermode_setup ? "delegate" : "fail", 1525 ctrl->bRequestType, ctrl->bRequest, 1526 w_value, le16_to_cpu(ctrl->wIndex), w_length); 1527 1528 /* if there's an ep0 reader, don't stall */ 1529 if (dev->usermode_setup) { 1530 dev->setup_can_stall = 1; 1531 delegate: 1532 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN) 1533 ? 1 : 0; 1534 dev->setup_wLength = w_length; 1535 dev->setup_out_ready = 0; 1536 dev->setup_out_error = 0; 1537 value = 0; 1538 1539 /* read DATA stage for OUT right away */ 1540 if (unlikely (!dev->setup_in && w_length)) { 1541 value = setup_req (gadget->ep0, dev->req, 1542 w_length); 1543 if (value < 0) 1544 break; 1545 value = usb_ep_queue (gadget->ep0, dev->req, 1546 GFP_ATOMIC); 1547 if (value < 0) { 1548 clean_req (gadget->ep0, dev->req); 1549 break; 1550 } 1551 1552 /* we can't currently stall these */ 1553 dev->setup_can_stall = 0; 1554 } 1555 1556 /* state changes when reader collects event */ 1557 event = next_event (dev, GADGETFS_SETUP); 1558 event->u.setup = *ctrl; 1559 ep0_readable (dev); 1560 spin_unlock (&dev->lock); 1561 return 0; 1562 } 1563 } 1564 1565 /* proceed with data transfer and status phases? */ 1566 if (value >= 0 && dev->state != STATE_DEV_SETUP) { 1567 req->length = value; 1568 req->zero = value < w_length; 1569 value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC); 1570 if (value < 0) { 1571 DBG (dev, "ep_queue --> %d\n", value); 1572 req->status = 0; 1573 } 1574 } 1575 1576 /* device stalls when value < 0 */ 1577 spin_unlock (&dev->lock); 1578 return value; 1579 } 1580 1581 static void destroy_ep_files (struct dev_data *dev) 1582 { 1583 DBG (dev, "%s %d\n", __func__, dev->state); 1584 1585 /* dev->state must prevent interference */ 1586 spin_lock_irq (&dev->lock); 1587 while (!list_empty(&dev->epfiles)) { 1588 struct ep_data *ep; 1589 struct inode *parent; 1590 struct dentry *dentry; 1591 1592 /* break link to FS */ 1593 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles); 1594 list_del_init (&ep->epfiles); 1595 dentry = ep->dentry; 1596 ep->dentry = NULL; 1597 parent = dentry->d_parent->d_inode; 1598 1599 /* break link to controller */ 1600 if (ep->state == STATE_EP_ENABLED) 1601 (void) usb_ep_disable (ep->ep); 1602 ep->state = STATE_EP_UNBOUND; 1603 usb_ep_free_request (ep->ep, ep->req); 1604 ep->ep = NULL; 1605 wake_up (&ep->wait); 1606 put_ep (ep); 1607 1608 spin_unlock_irq (&dev->lock); 1609 1610 /* break link to dcache */ 1611 mutex_lock (&parent->i_mutex); 1612 d_delete (dentry); 1613 dput (dentry); 1614 mutex_unlock (&parent->i_mutex); 1615 1616 spin_lock_irq (&dev->lock); 1617 } 1618 spin_unlock_irq (&dev->lock); 1619 } 1620 1621 1622 static struct dentry * 1623 gadgetfs_create_file (struct super_block *sb, char const *name, 1624 void *data, const struct file_operations *fops); 1625 1626 static int activate_ep_files (struct dev_data *dev) 1627 { 1628 struct usb_ep *ep; 1629 struct ep_data *data; 1630 1631 gadget_for_each_ep (ep, dev->gadget) { 1632 1633 data = kzalloc(sizeof(*data), GFP_KERNEL); 1634 if (!data) 1635 goto enomem0; 1636 data->state = STATE_EP_DISABLED; 1637 mutex_init(&data->lock); 1638 init_waitqueue_head (&data->wait); 1639 1640 strncpy (data->name, ep->name, sizeof (data->name) - 1); 1641 atomic_set (&data->count, 1); 1642 data->dev = dev; 1643 get_dev (dev); 1644 1645 data->ep = ep; 1646 ep->driver_data = data; 1647 1648 data->req = usb_ep_alloc_request (ep, GFP_KERNEL); 1649 if (!data->req) 1650 goto enomem1; 1651 1652 data->dentry = gadgetfs_create_file (dev->sb, data->name, 1653 data, &ep_config_operations); 1654 if (!data->dentry) 1655 goto enomem2; 1656 list_add_tail (&data->epfiles, &dev->epfiles); 1657 } 1658 return 0; 1659 1660 enomem2: 1661 usb_ep_free_request (ep, data->req); 1662 enomem1: 1663 put_dev (dev); 1664 kfree (data); 1665 enomem0: 1666 DBG (dev, "%s enomem\n", __func__); 1667 destroy_ep_files (dev); 1668 return -ENOMEM; 1669 } 1670 1671 static void 1672 gadgetfs_unbind (struct usb_gadget *gadget) 1673 { 1674 struct dev_data *dev = get_gadget_data (gadget); 1675 1676 DBG (dev, "%s\n", __func__); 1677 1678 spin_lock_irq (&dev->lock); 1679 dev->state = STATE_DEV_UNBOUND; 1680 spin_unlock_irq (&dev->lock); 1681 1682 destroy_ep_files (dev); 1683 gadget->ep0->driver_data = NULL; 1684 set_gadget_data (gadget, NULL); 1685 1686 /* we've already been disconnected ... no i/o is active */ 1687 if (dev->req) 1688 usb_ep_free_request (gadget->ep0, dev->req); 1689 DBG (dev, "%s done\n", __func__); 1690 put_dev (dev); 1691 } 1692 1693 static struct dev_data *the_device; 1694 1695 static int gadgetfs_bind(struct usb_gadget *gadget, 1696 struct usb_gadget_driver *driver) 1697 { 1698 struct dev_data *dev = the_device; 1699 1700 if (!dev) 1701 return -ESRCH; 1702 if (0 != strcmp (CHIP, gadget->name)) { 1703 pr_err("%s expected %s controller not %s\n", 1704 shortname, CHIP, gadget->name); 1705 return -ENODEV; 1706 } 1707 1708 set_gadget_data (gadget, dev); 1709 dev->gadget = gadget; 1710 gadget->ep0->driver_data = dev; 1711 1712 /* preallocate control response and buffer */ 1713 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL); 1714 if (!dev->req) 1715 goto enomem; 1716 dev->req->context = NULL; 1717 dev->req->complete = epio_complete; 1718 1719 if (activate_ep_files (dev) < 0) 1720 goto enomem; 1721 1722 INFO (dev, "bound to %s driver\n", gadget->name); 1723 spin_lock_irq(&dev->lock); 1724 dev->state = STATE_DEV_UNCONNECTED; 1725 spin_unlock_irq(&dev->lock); 1726 get_dev (dev); 1727 return 0; 1728 1729 enomem: 1730 gadgetfs_unbind (gadget); 1731 return -ENOMEM; 1732 } 1733 1734 static void 1735 gadgetfs_disconnect (struct usb_gadget *gadget) 1736 { 1737 struct dev_data *dev = get_gadget_data (gadget); 1738 unsigned long flags; 1739 1740 spin_lock_irqsave (&dev->lock, flags); 1741 if (dev->state == STATE_DEV_UNCONNECTED) 1742 goto exit; 1743 dev->state = STATE_DEV_UNCONNECTED; 1744 1745 INFO (dev, "disconnected\n"); 1746 next_event (dev, GADGETFS_DISCONNECT); 1747 ep0_readable (dev); 1748 exit: 1749 spin_unlock_irqrestore (&dev->lock, flags); 1750 } 1751 1752 static void 1753 gadgetfs_suspend (struct usb_gadget *gadget) 1754 { 1755 struct dev_data *dev = get_gadget_data (gadget); 1756 1757 INFO (dev, "suspended from state %d\n", dev->state); 1758 spin_lock (&dev->lock); 1759 switch (dev->state) { 1760 case STATE_DEV_SETUP: // VERY odd... host died?? 1761 case STATE_DEV_CONNECTED: 1762 case STATE_DEV_UNCONNECTED: 1763 next_event (dev, GADGETFS_SUSPEND); 1764 ep0_readable (dev); 1765 /* FALLTHROUGH */ 1766 default: 1767 break; 1768 } 1769 spin_unlock (&dev->lock); 1770 } 1771 1772 static struct usb_gadget_driver gadgetfs_driver = { 1773 .function = (char *) driver_desc, 1774 .bind = gadgetfs_bind, 1775 .unbind = gadgetfs_unbind, 1776 .setup = gadgetfs_setup, 1777 .reset = gadgetfs_disconnect, 1778 .disconnect = gadgetfs_disconnect, 1779 .suspend = gadgetfs_suspend, 1780 1781 .driver = { 1782 .name = (char *) shortname, 1783 }, 1784 }; 1785 1786 /*----------------------------------------------------------------------*/ 1787 1788 static void gadgetfs_nop(struct usb_gadget *arg) { } 1789 1790 static int gadgetfs_probe(struct usb_gadget *gadget, 1791 struct usb_gadget_driver *driver) 1792 { 1793 CHIP = gadget->name; 1794 return -EISNAM; 1795 } 1796 1797 static struct usb_gadget_driver probe_driver = { 1798 .max_speed = USB_SPEED_HIGH, 1799 .bind = gadgetfs_probe, 1800 .unbind = gadgetfs_nop, 1801 .setup = (void *)gadgetfs_nop, 1802 .disconnect = gadgetfs_nop, 1803 .driver = { 1804 .name = "nop", 1805 }, 1806 }; 1807 1808 1809 /* DEVICE INITIALIZATION 1810 * 1811 * fd = open ("/dev/gadget/$CHIP", O_RDWR) 1812 * status = write (fd, descriptors, sizeof descriptors) 1813 * 1814 * That write establishes the device configuration, so the kernel can 1815 * bind to the controller ... guaranteeing it can handle enumeration 1816 * at all necessary speeds. Descriptor order is: 1817 * 1818 * . message tag (u32, host order) ... for now, must be zero; it 1819 * would change to support features like multi-config devices 1820 * . full/low speed config ... all wTotalLength bytes (with interface, 1821 * class, altsetting, endpoint, and other descriptors) 1822 * . high speed config ... all descriptors, for high speed operation; 1823 * this one's optional except for high-speed hardware 1824 * . device descriptor 1825 * 1826 * Endpoints are not yet enabled. Drivers must wait until device 1827 * configuration and interface altsetting changes create 1828 * the need to configure (or unconfigure) them. 1829 * 1830 * After initialization, the device stays active for as long as that 1831 * $CHIP file is open. Events must then be read from that descriptor, 1832 * such as configuration notifications. 1833 */ 1834 1835 static int is_valid_config (struct usb_config_descriptor *config) 1836 { 1837 return config->bDescriptorType == USB_DT_CONFIG 1838 && config->bLength == USB_DT_CONFIG_SIZE 1839 && config->bConfigurationValue != 0 1840 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0 1841 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0; 1842 /* FIXME if gadget->is_otg, _must_ include an otg descriptor */ 1843 /* FIXME check lengths: walk to end */ 1844 } 1845 1846 static ssize_t 1847 dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 1848 { 1849 struct dev_data *dev = fd->private_data; 1850 ssize_t value = len, length = len; 1851 unsigned total; 1852 u32 tag; 1853 char *kbuf; 1854 1855 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) 1856 return -EINVAL; 1857 1858 /* we might need to change message format someday */ 1859 if (copy_from_user (&tag, buf, 4)) 1860 return -EFAULT; 1861 if (tag != 0) 1862 return -EINVAL; 1863 buf += 4; 1864 length -= 4; 1865 1866 kbuf = memdup_user(buf, length); 1867 if (IS_ERR(kbuf)) 1868 return PTR_ERR(kbuf); 1869 1870 spin_lock_irq (&dev->lock); 1871 value = -EINVAL; 1872 if (dev->buf) 1873 goto fail; 1874 dev->buf = kbuf; 1875 1876 /* full or low speed config */ 1877 dev->config = (void *) kbuf; 1878 total = le16_to_cpu(dev->config->wTotalLength); 1879 if (!is_valid_config (dev->config) || total >= length) 1880 goto fail; 1881 kbuf += total; 1882 length -= total; 1883 1884 /* optional high speed config */ 1885 if (kbuf [1] == USB_DT_CONFIG) { 1886 dev->hs_config = (void *) kbuf; 1887 total = le16_to_cpu(dev->hs_config->wTotalLength); 1888 if (!is_valid_config (dev->hs_config) || total >= length) 1889 goto fail; 1890 kbuf += total; 1891 length -= total; 1892 } 1893 1894 /* could support multiple configs, using another encoding! */ 1895 1896 /* device descriptor (tweaked for paranoia) */ 1897 if (length != USB_DT_DEVICE_SIZE) 1898 goto fail; 1899 dev->dev = (void *)kbuf; 1900 if (dev->dev->bLength != USB_DT_DEVICE_SIZE 1901 || dev->dev->bDescriptorType != USB_DT_DEVICE 1902 || dev->dev->bNumConfigurations != 1) 1903 goto fail; 1904 dev->dev->bNumConfigurations = 1; 1905 dev->dev->bcdUSB = cpu_to_le16 (0x0200); 1906 1907 /* triggers gadgetfs_bind(); then we can enumerate. */ 1908 spin_unlock_irq (&dev->lock); 1909 if (dev->hs_config) 1910 gadgetfs_driver.max_speed = USB_SPEED_HIGH; 1911 else 1912 gadgetfs_driver.max_speed = USB_SPEED_FULL; 1913 1914 value = usb_gadget_probe_driver(&gadgetfs_driver); 1915 if (value != 0) { 1916 kfree (dev->buf); 1917 dev->buf = NULL; 1918 } else { 1919 /* at this point "good" hardware has for the first time 1920 * let the USB the host see us. alternatively, if users 1921 * unplug/replug that will clear all the error state. 1922 * 1923 * note: everything running before here was guaranteed 1924 * to choke driver model style diagnostics. from here 1925 * on, they can work ... except in cleanup paths that 1926 * kick in after the ep0 descriptor is closed. 1927 */ 1928 fd->f_op = &ep0_io_operations; 1929 value = len; 1930 } 1931 return value; 1932 1933 fail: 1934 spin_unlock_irq (&dev->lock); 1935 pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev); 1936 kfree (dev->buf); 1937 dev->buf = NULL; 1938 return value; 1939 } 1940 1941 static int 1942 dev_open (struct inode *inode, struct file *fd) 1943 { 1944 struct dev_data *dev = inode->i_private; 1945 int value = -EBUSY; 1946 1947 spin_lock_irq(&dev->lock); 1948 if (dev->state == STATE_DEV_DISABLED) { 1949 dev->ev_next = 0; 1950 dev->state = STATE_DEV_OPENED; 1951 fd->private_data = dev; 1952 get_dev (dev); 1953 value = 0; 1954 } 1955 spin_unlock_irq(&dev->lock); 1956 return value; 1957 } 1958 1959 static const struct file_operations dev_init_operations = { 1960 .llseek = no_llseek, 1961 1962 .open = dev_open, 1963 .write = dev_config, 1964 .fasync = ep0_fasync, 1965 .unlocked_ioctl = dev_ioctl, 1966 .release = dev_release, 1967 }; 1968 1969 /*----------------------------------------------------------------------*/ 1970 1971 /* FILESYSTEM AND SUPERBLOCK OPERATIONS 1972 * 1973 * Mounting the filesystem creates a controller file, used first for 1974 * device configuration then later for event monitoring. 1975 */ 1976 1977 1978 /* FIXME PAM etc could set this security policy without mount options 1979 * if epfiles inherited ownership and permissons from ep0 ... 1980 */ 1981 1982 static unsigned default_uid; 1983 static unsigned default_gid; 1984 static unsigned default_perm = S_IRUSR | S_IWUSR; 1985 1986 module_param (default_uid, uint, 0644); 1987 module_param (default_gid, uint, 0644); 1988 module_param (default_perm, uint, 0644); 1989 1990 1991 static struct inode * 1992 gadgetfs_make_inode (struct super_block *sb, 1993 void *data, const struct file_operations *fops, 1994 int mode) 1995 { 1996 struct inode *inode = new_inode (sb); 1997 1998 if (inode) { 1999 inode->i_ino = get_next_ino(); 2000 inode->i_mode = mode; 2001 inode->i_uid = make_kuid(&init_user_ns, default_uid); 2002 inode->i_gid = make_kgid(&init_user_ns, default_gid); 2003 inode->i_atime = inode->i_mtime = inode->i_ctime 2004 = CURRENT_TIME; 2005 inode->i_private = data; 2006 inode->i_fop = fops; 2007 } 2008 return inode; 2009 } 2010 2011 /* creates in fs root directory, so non-renamable and non-linkable. 2012 * so inode and dentry are paired, until device reconfig. 2013 */ 2014 static struct dentry * 2015 gadgetfs_create_file (struct super_block *sb, char const *name, 2016 void *data, const struct file_operations *fops) 2017 { 2018 struct dentry *dentry; 2019 struct inode *inode; 2020 2021 dentry = d_alloc_name(sb->s_root, name); 2022 if (!dentry) 2023 return NULL; 2024 2025 inode = gadgetfs_make_inode (sb, data, fops, 2026 S_IFREG | (default_perm & S_IRWXUGO)); 2027 if (!inode) { 2028 dput(dentry); 2029 return NULL; 2030 } 2031 d_add (dentry, inode); 2032 return dentry; 2033 } 2034 2035 static const struct super_operations gadget_fs_operations = { 2036 .statfs = simple_statfs, 2037 .drop_inode = generic_delete_inode, 2038 }; 2039 2040 static int 2041 gadgetfs_fill_super (struct super_block *sb, void *opts, int silent) 2042 { 2043 struct inode *inode; 2044 struct dev_data *dev; 2045 2046 if (the_device) 2047 return -ESRCH; 2048 2049 /* fake probe to determine $CHIP */ 2050 CHIP = NULL; 2051 usb_gadget_probe_driver(&probe_driver); 2052 if (!CHIP) 2053 return -ENODEV; 2054 2055 /* superblock */ 2056 sb->s_blocksize = PAGE_CACHE_SIZE; 2057 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 2058 sb->s_magic = GADGETFS_MAGIC; 2059 sb->s_op = &gadget_fs_operations; 2060 sb->s_time_gran = 1; 2061 2062 /* root inode */ 2063 inode = gadgetfs_make_inode (sb, 2064 NULL, &simple_dir_operations, 2065 S_IFDIR | S_IRUGO | S_IXUGO); 2066 if (!inode) 2067 goto Enomem; 2068 inode->i_op = &simple_dir_inode_operations; 2069 if (!(sb->s_root = d_make_root (inode))) 2070 goto Enomem; 2071 2072 /* the ep0 file is named after the controller we expect; 2073 * user mode code can use it for sanity checks, like we do. 2074 */ 2075 dev = dev_new (); 2076 if (!dev) 2077 goto Enomem; 2078 2079 dev->sb = sb; 2080 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &dev_init_operations); 2081 if (!dev->dentry) { 2082 put_dev(dev); 2083 goto Enomem; 2084 } 2085 2086 /* other endpoint files are available after hardware setup, 2087 * from binding to a controller. 2088 */ 2089 the_device = dev; 2090 return 0; 2091 2092 Enomem: 2093 return -ENOMEM; 2094 } 2095 2096 /* "mount -t gadgetfs path /dev/gadget" ends up here */ 2097 static struct dentry * 2098 gadgetfs_mount (struct file_system_type *t, int flags, 2099 const char *path, void *opts) 2100 { 2101 return mount_single (t, flags, opts, gadgetfs_fill_super); 2102 } 2103 2104 static void 2105 gadgetfs_kill_sb (struct super_block *sb) 2106 { 2107 kill_litter_super (sb); 2108 if (the_device) { 2109 put_dev (the_device); 2110 the_device = NULL; 2111 } 2112 } 2113 2114 /*----------------------------------------------------------------------*/ 2115 2116 static struct file_system_type gadgetfs_type = { 2117 .owner = THIS_MODULE, 2118 .name = shortname, 2119 .mount = gadgetfs_mount, 2120 .kill_sb = gadgetfs_kill_sb, 2121 }; 2122 MODULE_ALIAS_FS("gadgetfs"); 2123 2124 /*----------------------------------------------------------------------*/ 2125 2126 static int __init init (void) 2127 { 2128 int status; 2129 2130 status = register_filesystem (&gadgetfs_type); 2131 if (status == 0) 2132 pr_info ("%s: %s, version " DRIVER_VERSION "\n", 2133 shortname, driver_desc); 2134 return status; 2135 } 2136 module_init (init); 2137 2138 static void __exit cleanup (void) 2139 { 2140 pr_debug ("unregister %s\n", shortname); 2141 unregister_filesystem (&gadgetfs_type); 2142 } 2143 module_exit (cleanup); 2144 2145